643 Commits (bea3a62a37a6bbfdf65057d6769147a2bfe7cd5f)

Author	SHA1	Message	Date
sebres	0600d51511	filter.d/exim.conf: added new reason for "rejected RCPT" regex: Unrouteable address	8 years ago
sebres	c546f85207	filter.d/exim.conf: cherry-picked from 0.10, match complex time like `D=2m42s` (closes gh-1766)	8 years ago
sebres	3161bcf78b	filter.d/exim.conf: optional part `(...)` after host-name before `[IP]`, normalized over whole config file. ... # Conflicts: # config/filter.d/exim.conf	8 years ago
Serg G. Brester	52c1950371	Update mysqld-auth.conf ... small typo, closes gh-1725 (Thx @seth-reeser)	8 years ago
sebres	8768776d68	filter.d/cyrus-imap.conf: fixed `failregex` - accept entries without login-info resp. hostname before IP address	8 years ago
sebres	9d06f0ee40	sshd-amend: optional space after port part	8 years ago
sebres	54a8c681ce	suhosin.conf: removed greedy match	8 years ago
sebres	8aa9516d50	sshd.conf: fixed expression "received disconnect ... auth fail" - optional space after port part (gh-1652)	8 years ago
sebres	3276bd6d54	sshd: additionally aggressive filter rules - no matching cipher resp. no matching key exchange method (gh-1545, gh-1117)	8 years ago
sebres	628789f9a9	sshd: conditional parameter "mode" for sshd jail (normal, ddos, aggressive) ... filter sshd-ddos and new filter sshd-aggressive are both derivation of sshd-filter	8 years ago
sebres	dd373dba9f	test all config-regexp, that contains greedy catch-all before <HOST>, that is hard-anchored at end or precise sub expression after <HOST>; ... new ssh rule(s) added: - Connection reset by peer (multi-line rule during authorization process); - No supported authentication methods available; Single line and multi-line expression optimized, added optional prefixes and suffix (logged from several ssh versions); closes gh-864	8 years ago
Christian Brandlehner	a4d8426401	Support for IBM Domino SMTP task (#1603) ... filter.d/domino-smtp.conf	8 years ago
sebres	a9523aefbb	sshd.conf: fixed non-anchored part of regex (misleading match of colon inside IPv6 address instead of `: ` in the reason-part by missing space).	8 years ago
Yaroslav Halchenko	31a1560eaa	minor typos (thanks Vincent Lefevre, Debian #847785)	8 years ago
sebres	45f1d811c9	Merge branch 'alex1702-1586'	8 years ago
sebres	425170cef3	code review, makes the test cases workable, added dev-notes	8 years ago
sebres	931eab84b5	`filter.d/apache-modsecurity.conf` ... - fixed for newer version (one space, closes gh-1626) reviewed and optimized: - non-greedy catch-all replaced for safer match - unneeded catch-all anchoring removed - non-capturing groups	8 years ago
sebres	5678d08a79	filter.d/dovecot.conf update: ... - fixes failregex, that ignores failures through some irrelevant info (closes #1623); - ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)` - review, IPv6 compatibility fix, non-capturing groups	8 years ago
sebres	b5433f48b7	amend after code review of merge gh-1581	8 years ago
sebres	bee6e7376b	Merge branch 'aclindsa:master'	8 years ago
sebres	dab5f56609	Merge branch 'fix-gh-1477'	8 years ago
Alex	8ac28e5dcb	Make changes and add test file	8 years ago
Alex	8c40766511	Add Mongodb-auth filter and jail	8 years ago
Aaron Lindsay	7805f9972d	filter.d/sshd.conf: Match 'Invalid user' with 'port \d*'	8 years ago
sebres	84c3eb3e0e	filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) ... Closes #1578	8 years ago
sebres	9fb167b5e1	filter.d/vsftpd.conf: optional reason message after FAIL LOGIN, closes #1543	8 years ago
sebres	4a1d720344	filter.d/asterisk.conf: another part ` chan_sip.c:28468 handle_request_register:` in log prefix	8 years ago
sebres	2c54f90469	sshd-filter: better universal regexp, that matches more complex different injects, using conditional expressions (on username and auth-info section), see new test cases also.	8 years ago
sebres	a544c5abac	sshd-filter: recognized "Failed publickey for" now (gh-1477) + improved regexp (not anchored now to recognize all "Failed anything for ... from <HOST>" ... ChangeLog entry added	8 years ago
sebres	38d53a72fd	introduces new command "fail2ban-python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located); ... fixed pythonic filters and test scripts (running via "fail2ban-python" now); fixed test case "testSetupInstallRoot" not for default python (also using direct call, out of virtualenv); # Conflicts: # config/filter.d/ignorecommands/apache-fakegooglebot # fail2ban/tests/files/config/apache-auth/digest.py # fail2ban/tests/files/ignorecommand.py # fail2ban/tests/misctestcase.py	8 years ago
maksyms	9ddbd642f7	Accept no space after "failed:" (#1501) ... yoh: Squashed to ease cherry-picking into 0.9 * accept no space after "failed:" fix issue #1497 * accept no space after "failed:" * Update postfix-sasl * Update postfix-sasl * Update postfix-sasl	8 years ago
sebres	c52aaa8b78	ASSP failregex minor fixes	8 years ago
rhardy613	8265e3f0f9	Fix comments ... For some reasons the comment changes weren't pickup in the last commit. This fixes it.	8 years ago
rhardy613	66fe5a77ce	Fix ASSP filter to work with both ASSP V1 and V2 ... ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. This fix adds V2 support.	8 years ago
rhardy613	890a3dcbb9	Fix ASSP filter to work with current release of ASSP ... ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP. Now updated with anchored patterns tested against 6 months of log data.	8 years ago
rhardy613	f73746d846	Fix ASSP filter to work with current release of ASSP ... ASSP V1 development stopped at the end of 2014 and it is now deprecated. All users were urged to upgrade to ASSP V2 which is still actively developed. For some reason fail2ban 0.9.5 (and trunk) still have code which only understands ASSP V1 logs. This means the filter ignores brute force attacks against ASSP.	8 years ago
Yaroslav Halchenko	28a0605f69	Merge pull request #1478 from gips0n/master ... adding openldap slapd filter	8 years ago
Andrii Melnyk	7433b353ee	another variant of regex	8 years ago
Andrii Melnyk	7c5828dd2a	add trailing anchor to failregex	8 years ago
Andrii Melnyk	48c094f612	improved failregex according to @sebres recomendations	9 years ago
sebres	f5f204ca7c	Improved changes of gh-1458: ... `[^']*` after callid was wrong, changed to `[^\)]*`; regexp anchored at the end; almost the same regex grouped to one; Closes #1458	9 years ago
nturcksin	72a157b8f2	Improve PJSIP log support for asterisk 13+ with different callID (Squash gh-1458) ... Change the asterisk pjsip filter to don't take the callId part Add optional part between "Request" and "from" Listed all log message from asterisk	9 years ago
Andrii Melnyk	dcb69b0242	* add `__prefix_line` to regex ... * fix time in log file	9 years ago
Andrii Melnyk	b2e3affaa0	adding openldap slapd filter	9 years ago
Yaroslav Halchenko	636a93f58b	Merge pull request #1438 from yarikoptic/bf-exim ... exim filters -- make wider use of host_info helper str susbstitution + fix for #1430	9 years ago
Ludovic Gasc	f85fb45b29	Asterisk pjsip (#1456) ... * Improve PJSIP log support for Asterisk 13+ * Update changelog: filter.d/asterisk.conf - fix security log support for PJSIP and Asterisk 13+ * Change pjsip regexp with sebres observation, thanks to @nturcksin	9 years ago
Yaroslav Halchenko	6434661480	RF: for consistency use (?:XXX)? instead of (?:|XXX)	9 years ago
Yaroslav Halchenko	48a8324662	ENH: use non-capturing regex groups in exim-common and exim filters	9 years ago
Yaroslav Halchenko	9bb869b8d4	ENH: courier-smtp -- allow for trailing username (no spaces) in the logline ... Closes #1440	9 years ago
Yaroslav Halchenko	8b8cf2a660	ENH: exim filters -- make more use of %(host_info)s which in turn made more flexible	9 years ago